Timing Channel Protection for a Shared Memory Controller
Transcript of Timing Channel Protection for a Shared Memory Controller
Yao Wang, Andrew Ferraiuolo, G. Edward Suh
Feb 17th 2014

Executive Summary
Observation: Modern computing systems are vulnerable to timing channel attacks
Problem: No hardware techniques exist to eliminate timing channels through a shared memory controller
Solution: Temporal Partitioning (TP)
• Redesign the queueing structure of memory controller
• TDM (Time Division Multiplexing) based scheduling algorithm
Results:
• TP completely eliminates memory timing channels
• TP incurs small hardware and performance overheads

Motivation • Memory Interference • Protection Scheme • Results • Summary

Timing Channels in Computing Systems
Timing channel attacks exploit timing channels caused by interference in shared resources
• Processing pipelines, branch predictors, caches, interconnect
Modern computing systems are increasingly vulnerable to timing channel attacks
• More resource sharing: cloud computing platform
[Figure: security domains SD 0, SD 1, ..., SD N sharing one resource. SD: Security Domain]

Timing Channel Protection
Microarchitecture-level timing channel protection needs hardware-based protection
• Timing behaviors are hard to control in software layers
Various hardware-based protections have been proposed
• Cache, on-chip network
Protection mechanisms still need to be developed for other shared hardware resources
• Branch predictor, memory controller, etc.

Covert Channel Through Memory
One program can affect the memory latency of another program by controlling its memory intensity
• May use the variation to covertly send a bit sequence
[Figure: Core 0 and Core 1 (SD 0, SD 1), each with a cache ($), share a bus and memory; plot of memory requests per 5000 cycles vs. time (cycle), with intervals labelled 0 and 1]

Our Objective
Design a new memory controller that:
• Completely eliminates timing channels
• Is easy to implement
• Adds small performance overhead

How Memory Controller Works
Request queues
• A request is stored based on its bank address
Bank arbiter
• Pick one request for each bank
Transaction scheduler
• Pick one request globally
• Meet DRAM timing constraints
[Figure: Core 0 and Core 1 (SD 0, SD 1) with caches ($) connect over a bus to the memory controller, which holds per-bank queues (Bank 0, Bank 1, ..., Bank N), one arbiter per bank and a transaction scheduler in front of the DRAM]

Sources of Interference
Bank arbitration
• One domain delays another domain at a queue
Scheduler arbitration
• One domain delays another domain in transaction scheduling
DRAM device
• One domain changes the DRAM state that another domain sees
[Figure: memory controller with per-bank queues and arbiters (Bank 0, Bank 1, ..., Bank N), transaction scheduler and DRAM]

Per Security Domain Queueing Structure
Group requests based on the security domain
• Each queue contains accesses from only one domain
Eliminates bank arbitration interference
[Figure: per-domain queues and arbiters (SD 0, SD 1, ..., SD N), transaction scheduler and DRAM]

TDM-based Scheduling
Divide time into static turns
• Only one security domain can issue requests in each turn
Eliminates scheduler arbitration interference
[Figure: DRAM time slots over time, one turn each for SD 0, SD 1, ..., SD N]

However…
Static time multiplexing is NOT enough
• In-flight transactions towards the end of a turn may interfere with a transaction in the next turn
Solution: add dead time at the end of each turn
• Enough to drain all types of in-flight transactions
• Close-page policy
Eliminates DRAM device interference
[Figure: DRAM time slots for SD 0, SD 1, ..., SD N, shown without and with dead time (Tdead) at the end of each turn]
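
The toy model below is an added example, not the authors' simulator or code from the presentation: it contrasts a shared first-come-first-served queue with per-domain queues, static turns and dead time, and checks whether one domain's completion times change with the other domain's load. The service time, the request traces and the one-request-in-flight simplification are assumptions; the 64-cycle turn and 46-cycle dead time are values quoted in the slides.

```python
# Toy memory-controller model (added example; all traces are constructed).
# Assumptions: one request in flight at a time, fixed service time,
# open-loop arrivals (a request's arrival does not depend on earlier replies).
SERVICE = 34   # cycles per request (constructed value)
TURN = 64      # turn length in cycles (the slides evaluate a 64-cycle turn)
T_DEAD = 46    # dead time at the end of each turn (value quoted in the slides)

def fcfs(reqs):
    """Insecure baseline: one shared queue, first come first served.
    reqs is a list of (arrival_cycle, domain); returns {domain: [completion]}."""
    done, free = {}, 0
    for arrival, dom in sorted(reqs):
        free = max(arrival, free) + SERVICE
        done.setdefault(dom, []).append(free)
    return done

def temporal_partitioning(reqs, n_domains=2):
    """Per-domain queues + static TDM turns + dead time at the end of a turn."""
    assert SERVICE <= T_DEAD < TURN   # a request issued in-window drains in-turn
    period, done = TURN * n_domains, {}
    for dom in range(n_domains):      # each domain is scheduled from its own queue
        free = 0
        for arrival in sorted(a for a, d in reqs if d == dom):
            t = max(arrival, free)
            off = (t - dom * TURN) % period   # offset from start of own turn
            if off >= TURN - T_DEAD:          # dead time or someone else's turn:
                t += period - off             # wait for this domain's next turn
            free = t + SERVICE
            done.setdefault(dom, []).append(free)
    return done

def victim_timing(scheduler, attacker_arrivals):
    """Completion times of domain 0 for a fixed trace, given domain 1's load."""
    victim = [(c, 0) for c in range(0, 2000, 150)]   # constructed victim trace
    return scheduler(victim + [(c, 1) for c in attacker_arrivals])[0]

QUIET, NOISY = [], list(range(0, 2000, 10))   # domain 1 idle vs. memory-intensive

if __name__ == "__main__":
    for name, sched in (("FCFS", fcfs), ("TP", temporal_partitioning)):
        leak = victim_timing(sched, QUIET) != victim_timing(sched, NOISY)
        print(f"{name}: victim timing depends on other domain's load = {leak}")
```

The price of the isolation is visible in the same model: under temporal partitioning the victim's second request completes at cycle 290 instead of 184, because it has to wait for its own turn.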

Optimizations: Bank Partitioning
Ensure no bank conflict when switching turns
• In-flight transactions need not be drained before turn switches
• Greatly reduce dead time: 46 cycles -> 8 cycles
[Figure: SD 0 and SD 1 queues and arbiters feed the transaction scheduler; Bank 0, Bank 1, Bank 2, Bank 3]

Optimizations: App-Aware Turn Length
Statically set turn lengths to match memory intensity
• Allocate more memory bandwidth to memory intensive security domains
• NOT a security concern as long as the allocation is static
[Figure: DRAM time slots over time for SD 0, SD 1, ..., SD N]

Methodology
Integrated gem5 with DRAMSim2 to simulate detailed DRAM behavior
• Two 2 GHz CPUs
• 32 KB private L1 caches
• 256 KB private L2 caches
• 4 MB shared L3 cache
• 2 GB DDR3 667 MHz DRAM, 1 channel, 8 banks, 2 ranks
Workloads
• Multi-programmed workloads using SPEC2006 benchmarks
• Assume two security domains
Baseline scheme: FR-FCFS

Security Evaluation
Run SPEC2006 benchmarks in pairs
• Fix one benchmark and vary the other benchmark
• Measure the memory request timing of the fixed benchmark
[Figure: return time difference (cycle) vs. index of memory requests in order, for TP-Tw, TP-4096 and FR-FCFS; bzip2 run on a two-core system paired with astar and paired with mcf; curves labelled "insecure" and "secure"]

Performance Evaluation Metrics
For each benchmark
• Run in pair with another benchmark
• Average across all combinations
For benchmark

Memory Latency Overhead
Memory latency increases by 50%-140%
• Static turn scheduling
[Figure: latency overhead (%) per benchmark (astar, bzip2, gcc, gobmk, h264ref, hmmer, libquantum, mcf, sjeng, Xalan, Avg) for IO cores and O3 cores]

Execution Time Overhead
Moderate slowdown compared to no protection
• Memory latency only affects L3 cache misses
[Figure: normalized slowdown (%) per benchmark (astar, bzip2, gcc, gobmk, h264ref, hmmer, libquantum, mcf, sjeng, Xalan, Avg) for IO cores and O3 cores; annotation: 0.4-0.6%]

Sensitivity Study: Turn Length
Turn length tradeoff
• Longer turn length
  Pro: Allow more burst requests, less dead time overhead
  Con: Increase memory latency
[Figure: normalized slowdown (%) per benchmark (astar, bzip2, gcc, gobmk, h264ref, hmmer, libquantum, mcf, sjeng, Xalan, Avg) for TP_min, TP_64, TP_128, TP_512]

Optimization Results
Bank Partition (BP) improves performance significantly
App-Aware Turn Length (ATL) improves performance for applications with unbalanced memory intensities
BP and ATL can be combined to further improve performance
[Figure: normalized slowdown (%) for workload pairs (H, H) and (H, L) under TP, TP+BP, TP+ATL, TP+BP+ATL. H: 100 MPKI, L: ~0 MPKI]

Summary
Observation: Modern computing systems are increasingly vulnerable to timing channel attacks
Problem: No hardware techniques exist to eliminate timing channels through a shared memory controller
Solution: Temporal Partitioning (TP)
• Redesign the queueing structure of memory controller
• TDM (Time Division Multiplexing) based scheduling algorithm
• Dead time to drain in-flight requests
Results:
• TP completely eliminates memory timing channels
• TP incurs small hardware and performance overheads

Backup Slides

Complexity
Queueing structure
• Per-bank queue vs. per-domain queue
Scheduling logic
• Similar scheduling logic to open-page scheduler
Counters
• Keep track of dead time and turn switch

Scalability with Optimizations?

Information Flow Security
Information flow security is crucial for building systems with strong security
Confidentiality: sensitive info non-sensitive info
• Cloud computing, mobile devices
Integrity: untrusted info trusted info
• Aircraft control system, bank system
Various attacks that break information security
• Information leakage through co-resident VMs in Amazon EC2 [1]
[1] T. Ristenpart et al. Hey, You, Get Off my Cloud: Exploring Information Leakage in Third-Party Compute Clouds. In CCS Conference, 2009.

Related Works
Microarchitecture timing channels
• Attacks: processing pipelines, branch predictors, caches, etc.
• Solutions: caches, on-chip network, timewarp
Verifiable hardware information flow control
• Verify the information flow in hardware design
• GLIFT, Caisson, Sapper
Architecture for secure cloud computing
• Bastion, NoHype, H-SVM, Ascend

Memory Intensity Study
MPKI: Misses Per Kilo Instructions
[Figure: MPKI per benchmark (astar, bzip2, gcc, gobmk, h264ref, hmmer, libquantum, mcf, sjeng, Xalan); series: 0MB, 1MB, 2MB, 4MB]

Open Page vs. Close Page (IO)
Performance of the two row buffer policies is comparable for SPEC2006 benchmarks
[Figure: normalized slowdown (%) per benchmark (astar, bzip2, gcc, gobmk, h264ref, hmmer, libquantum, mcf, sjeng, Xalan); series: 0MB, 1MB, 2MB, 4MB]

Open Page vs. Close Page (O3)
Performance of the two row buffer policies is comparable for SPEC2006 benchmarks
[Figure: normalized slowdown (%) per benchmark (astar, bzip2, gcc, gobmk, h264ref, hmmer, libquantum, mcf, sjeng, Xalan); series: 0MB, 1MB, 2MB, 4MB]

Sensitivity Study: Turn Length (IO)
Turn length tradeoff
• In-order core favors shorter turn length because it lacks memory parallelism
[Figure: normalized slowdown (%) per benchmark (astar, bzip2, gcc, gobmk, h264ref, hmmer, libquantum, mcf, sjeng, Xalan, Avg) for TP_Tw, TP_64, TP_128, TP_512]

Sensitivity Study: Cache Size (IO)
Performance increases with L3 cache size
• Larger last-level cache reduces # of memory accesses
[Figure: normalized slowdown (%) per benchmark (astar, bzip2, gcc, gobmk, h264ref, hmmer, libquantum, mcf, sjeng, Xalan, Avg); series: 0 MB, 1 MB, 2 MB, 4 MB]

Sensitivity Study: Cache Size (O3)
Performance increases with L3 cache size
• Larger last-level cache reduces # of memory accesses
[Figure: normalized slowdown (%) per benchmark (astar, bzip2, gcc, gobmk, h264ref, hmmer, libquantum, mcf, sjeng, Xalan, Avg); series: 0 MB, 1 MB, 2 MB, 4 MB]

Scalability (IO)
Scales reasonably well with # of security domains
[Figure: normalized slowdown (%) per benchmark (astar, bzip2, gcc, gobmk, h264ref, hmmer, libquantum, mcf, sjeng, Xalan, Avg) for 2, 3 and 4 domains]

Scalability (O3)
Scales reasonably well with # of security domains
[Figure: normalized slowdown (%) per benchmark (astar, bzip2, gcc, gobmk, h264ref, hmmer, libquantum, mcf, sjeng, Xalan, Avg) for 2, 3 and 4 domains]

Scalability with BP (IO)
Performs slightly better than just using TP
[Figure: normalized slowdown (%) per benchmark (astar, bzip2, gcc, gobmk, h264ref, hmmer, libquantum, mcf, sjeng, Xalan, Avg) for 2, 3 and 4 domains]

Scalability with BP (IO)
Performs slightly better than just using TP
[Figure: normalized slowdown (%) per benchmark (astar, bzip2, gcc, gobmk, h264ref, hmmer, libquantum, mcf, sjeng, Xalan, Avg) for 2, 3 and 4 domains]

Bank Partitioning for SPEC2006 (IO)
L3 cache: 4MB
Turn length: 64 cycles
[Figure: normalized slowdown (%) per benchmark (astar, bzip2, gcc, gobmk, h264ref, hmmer, libquantum, mcf, sjeng, Xalan) for TP and TP+BP]

Bank Partitioning for SPEC2006 (O3)
L3 cache: 4MB
Turn length: 64 cycles
[Figure: normalized slowdown (%) per benchmark (astar, bzip2, gcc, gobmk, h264ref, hmmer, libquantum, mcf, sjeng, Xalan) for TP and TP+BP]

DRAM Module Specification
DDR3 667MHz
Bus Width: 64 bits
NUM_BANKS=8
NUM_ROWS=16384
NUM_COLS=1024
DEVICE_WIDTH=16

Timing Parameters Cycles
CL 10
BL 8
tRAS 24
tRCD 10
tRRD 4
tRC 34
tRP 10
tCCD 4
tRTP 5
tWTR 5
tWR 10
tRFC 74
tFAW 20
tRTRS 1